
Single Sign On using Windows Authentication

luminary_mb
Champ in-the-making
Hi,

What is the simplest method to enable single sign on so that when users try to access the Alfresco web client, they are automatically logged in via their Windows login credentials? We would still like to maintain the list of users within Alfresco. What type of configuration is required to do this?

I am using Alfresco Enterprise 3.1 on a Linux Ubuntu server.

Thanks.
35 REPLIES

luminary_mb
Champ in-the-making
Any suggestions on this anyone? Any help will be much appreciated.

Thanks.

paulweb
Champ in-the-making
I work with 3.2, but look at this post http://forums.alfresco.com/en/viewtopic.php?f=9&t=21268 and http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems.
I use the chain passthru1:passthru,ldap1:ldap-ad and kerberos1:kerberos, but it must also work with the chain alfrescoNtlm1:alfrescoNtlm:ldap1:ldap-ad
If Mozilla, open in the address bar
about:config
1. ntlm
network.automatic-ntlm-auth.trusted-uris=http://yourdomain
2. kerberos
network.negotiate-auth.trusted-uris=http://yourdomain

IE7+
1. ntlm
automatic
2. kerberos: read post http://forums.alfresco.com/en/viewtopic.php?f=9&t=21268
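
Added example (not part of the post above and not Alfresco or Mozilla code): a small Python check for the two Firefox preferences named in that post, flagging trusted-uris entries that would hand out Windows credentials more widely than intended. It assumes the `user_pref("name", "value");` line format of prefs.js and that each comma-separated entry is an optional scheme followed by a host; the sample hostnames are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Firefox preferences that let the browser answer NTLM / Negotiate challenges
# silently with the logged-on user's credentials.
SSO_PREFS = (
    "network.automatic-ntlm-auth.trusted-uris",
    "network.negotiate-auth.trusted-uris",
)
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*"([^"]*)"\);')


def audit_entry(entry):
    """Return a list of findings for one trusted-uris entry (empty = ok)."""
    findings = []
    if "://" in entry:
        parts = urlsplit(entry)
        scheme, host = parts.scheme.lower(), parts.hostname or ""
    else:
        # Assumption: an entry without a scheme is a bare host or domain suffix.
        scheme, host = "", entry.split(":")[0]
    if not host:
        findings.append("no host: matches every site for this scheme")
    if scheme == "http":
        findings.append("http: SSO exchange is sent over cleartext")
    elif not scheme:
        findings.append("no scheme: also matches plain http")
    return findings


def audit_prefs(text):
    """Map (pref, entry) -> findings for every SSO pref found in prefs.js text."""
    report = {}
    for name, value in PREF_RE.findall(text):
        if name not in SSO_PREFS:
            continue
        for entry in filter(None, (e.strip() for e in value.split(","))):
            report[(name, entry)] = audit_entry(entry)
    return report


# Constructed sample prefs.js content (hostnames are placeholders).
SAMPLE = '''
user_pref("network.automatic-ntlm-auth.trusted-uris", "http://yourdomain");
user_pref("network.negotiate-auth.trusted-uris", "https://alfresco.example.internal, https://");
user_pref("browser.startup.homepage", "about:blank");
'''

if __name__ == "__main__":
    for (pref, entry), findings in audit_prefs(SAMPLE).items():
        print(pref, entry, findings or ["ok"])
```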

luminary_mb
Champ in-the-making
I've edited the web.xml file to change the settings to use NTLM authentication, and I've added the domain settings into the file-servers.xml file. I've decided not to use NTLM Passthrough because I'd like to control the users within Alfresco.

When I try to access the Alfresco web client now, a window pops up telling me to enter a username and password which then grants me access to the system. It no longer takes me to the Alfresco login page. But a couple of things…

- It's still not using my Windows credentials to authenticate me and grant me access to the system.
- Why is a window popping up telling me to enter my username and password?

I think I may be missing something in the configuration, such as not connecting to our company's domain controller properly. Does anyone have any ideas on how to get this to work?

Thanks.

dward
Champ on-the-rise
What browser are you using?

luminary_mb
Champ in-the-making
Internet Explorer 7 at the moment. But I would also like this to work with Internet Explorer 8 and Mozilla Firefox.

dward
Champ on-the-rise
Make sure you add the Alfresco server to the "Local intranet" security zone. For that zone, select "Custom Level…" and check what the "User Authentication" settings are.

luminary_mb
Champ in-the-making
Thanks, I've got rid of the window popping up now that used to ask me for my username and password.

How do I now link my Alfresco application to our company domain controller so that it grants access automatically to anyone in our company that's logged onto their Windows computer through our domain? Do I need to enable NTLM Passthrough for this, or can it be done without Passthrough?

dward
Champ on-the-rise
Yes you need to use passthru authentication. And if you want all users and their attributes brought over before they log in, you probably need LDAP sync as well. If you were using v3.2 it would be so much easier to explain!

luminary_mb
Champ in-the-making
OK. So I'm in the process now of configuring the ntlm-authentication-context.xml file to use NTLM passthru. I have the following properties to edit in the authentication component bean:

- useLocalServer
- servers
- personService
- nodeService
- transactionService
- guestAccess

From my understanding, to get this to work I only need to edit the servers property tag to include the IP address of the server where our domain controller is located? What about the domain name itself, where does that go in here? I've already put the domain name into the DomainMappings tag in the file-servers.xml file.

Also what about the other properties in here, do I need to edit them? And finally do I need to add in the protocolOrder property and set it to either NetBIOS or TCPIP?